Privacy policy for the use of the figo website

figo GmbH (hereinafter referred to as “figo”) is always aware of the importance of the data entrusted to us. The responsible handling, confidentiality and protection of your data is therefore of particular importance to us. The Processing of your personal data is carried out exclusively within the framework of the statutory provisions, the applicable data protection law and this data protection policy. This data protection policy informs you which personal data is processed via our website www.figo.io .

In the following we will show you the type, scope and purpose of processing your personal data. You can access this information at any time on our website in the current version at www.figo.io/datenschutzerklarung.Additionally, we make the data privacy information pursuant to the EU General Data Protection Regulation available to you in a separate document.

We ask you to take note of the following information.

Controller/ Contact

“Controller” in the sense of the EU-General Data Protection Regulation (GDPR), other data protection laws in force in the member states of the European Union and other data protection provisions is:

If you have any questions or suggestions regarding data protection, please do not hesitate to contact us by e-mail at datenschutz@figo.io

The subject of data protection

The subject of data protection is personal data. Individual specifications about the personal or objective relationships of a defined or definable natural person. Personal data is therefore information that can be used to draw conclusions about an identified or identifiable natural person. In principle, all information about which a personal reference can be established also falls under the concept of personal data. For example, a person’s name, address, e-mail address, telephone number, personnel number, vehicle registration number plate, appearance or walk are all personal data. Furthermore, usage data also has a personal connection. Usage data means data that is required to use our Website. This includes, for example, information about the start, end and scope of your use.

Scope of personal data processing

We only process personal data of our users if this is necessary to provide a functional website. Collection and utilisation of our users’ personal data is only undertaken periodically with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and where the processing of the data is permitted by law.

Automated data collection in the provision of the website

When you access our website, your browser or mobile phone automatically transmits the following data for technical reasons:

Date and time of access

Browser type/version

Operating system used

Resource retrieved

Quantity of data transmitted

The user’s IP address

This data is stored exclusively for technical reasons and is not assigned to any person at any time.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The data is stored in log files to ensure the website’s functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR.

Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the storage of the data in log files, this is the case after 31 days at the latest.

Objection and removal option

Collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, there is no option to object on the part of the user.

Cookies

Cookies are small text files that make it possible to store specific device-related information on the user’s device. On the one hand, they serve the user-friendliness of websites and thus the users. On the other hand, they serve the collection of statistical data for the use of the website and analysis of these for the purpose of improving the offer. The user can control the use of cookies. Most browsers have an option which limits or completely prevents storage of cookies.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after changing pages.

We also use cookies on our website which enable analysis of the user’s surfing behaviour.

The user data collected in this way is pseudonymised via technical provisions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with users’ other personal data. When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this data protection declaration. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings.

The purpose of using technically necessary cookies is to simplify use of websites for users. Some features of our website will not be available without the use of cookies. In this case, it is necessary that the browser will be recognised even after changing the page.

The analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimise our service.

Duration of storage, objection and removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features in full.

Contact via the website

Due to legal regulations, the figo website contains information that enables quick electronic contact to our company, in particular a general e-mail address. If you contact us by e-mail, the personal data that you transmitted will be automatically stored. Such personal data transmitted to us on a voluntary basis will be stored for the purposes of contacting or dealing with the matter for you. Log files are also created for technical reasons. This data is not transferred to third parties.

Legal basis for data processing

The legal basis for processing the data, if the user’s consent to this has been obtained, is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data transferred in the course of sending an email is Art. 6 Para. 1 lit. f GDPR.

If the email contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 (b) GDPR.

Purpose of data processing

The processing of personal data in the input screen is used by us only for processing the contact.

The legitimate interest of the person responsible for the collection of the log files lies in ensuring the proper functioning of the website.

The other personal data processed during the sending process is for preventing the misuse of the contact form and to ensure the security of our information technology systems.

Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was collected in addition during the sending procedure will be deleted after a period of seven days at the latest.

Objection and removal option

The user has the option of revoking his or her consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case.

Newsletter, data protection regulations regarding the use and application of MailChimp

Users are given the opportunity to subscribe to the figo newsletter on our website. The personal data transmitted to the data processor when the newsletter is ordered results from the input form used for this purpose.

figo informs business partners and interested parties at regular intervals by means of a newsletter about offers from the company. Recipients of the newsletter will be informed about content related to figo, e.g. product updates or Bankathon-Events. You can find out more about the Bankathon on the bankathon.net website. Our company newsletter can only be received if (1) you have a valid e-mail address and (2) you register for the newsletter dispatch. Furthermore, subscribers to the newsletter can be informed by e-mail if there are changes to the newsletter offer or changes in the technical conditions.

Data processing in connection with the sending of the newsletter only takes place if you have given your explicit consent. This is done regularly by means of a double opt-in procedure. The data stored on successful registration is transmitted to Rocket and stored by Rocket. The data entered during registration will not be passed on to any other third parties.

MailChimp uses the stored data for sending and evaluating the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, the service does not use the recipient data of our newsletter to approach recipients directly nor do they pass the information on to third parties.

MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded a data processing agreement with MailChimp. This is a contract in which MailChimp undertakes to protect our users’ data, to process it on our behalf in accordance with our data protection regulations and, in particular, not to pass it on to third parties. You can view MailChimp’s privacy policy at https://mailchimp.com/legal/privacy/ .

MailChimp also uses the Google Analytics analysis tool from Google, Inc and may include it in its newsletters. Further details on Google Analytics can be found in this data protection statement under “Google Analytics”.

Legal basis for data processing

The legal basis for processing data after the user registers for the newsletter is, if the user’s consent to this has been obtained, is Art. 6 Para. 1 lit. a GDPR.

Purpose of data processing

The user’s email address is collected in order to deliver the newsletter.

Duration of retention

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The user’s e-mail address will therefore be stored as long as the subscription to the newsletter has not been revoked.

Objection and removal option

The consent to receive the newsletter and to the associated storage of data can be revoked by the user concerned at any time. You can revoke your consent at any time by sending an e-mail to contact@figo.io or by clicking on the link provided in each newsletter.

We use, on the basis of our legitimate interest in the analysis, optimisation and operation of our website within the meaning of Art. 6 para. 1 lit GDPR, content and applications from Slideshare, Soundcloud, Youtube and Vimeo on our pages. The use of the offer presupposes that the named providers recognise the IP address of the users. Without the IP address, you cannot send the content to the browser of the respective user. figo has no influence on whether the third-party providers store the IP addresses, e.g. for statistical purposes. For more information about this, please check the relevant third-party website:

YouTube – to integrate and play video content in contributions via YouTube’s “Embedded Player”. The “Extended data protection mode” is activated. As a result, YouTube does not store any information about visitors to the website. Only when you watch a video is information transmitted to YouTube and stored there. For more information, please refer to YouTube’s privacy policy: https://youtube.com/t/privacy

Use of Google Analytics with anonymisation function

Google Analytics uses the “cookies” mentioned above, which are stored on your computer in order to enable an analysis of the use of the website by you. Cookie-generated information about your use of this website is usually transmitted to and stored on a Google server in the USA.

By using this website you agree to theprocessing of data about you by Google in the manner described above and for the aforementioned purpose.

IP anonymisation

We use the “Activate IP anonymization” function on this website, to ensure anonymized collection of IP addresses (so called IP masking). Thus your IP address will be truncated by Google within the member states of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on our behalf, for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing us other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not bought together with other Google data. Google may also pass this information on to third parties in so far as this is required by law or if third parties process the data on Google’s behalf.

Google Tag Manager

Google Tag Manager is a solution that allows marketers to manage web page tags through a single interface. The ‘Tag Manager’ tool itself, which implements the tags, is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. The “Google Tag Manager” does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, insofar as they are implemented with “Google Tag Manager”. For more information, see: http://www.google.de/tagmanager/use-policy.html.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser software or by installing the appropriate browser add-ons. You can also prevent cookie-generated data about your use of the website (including your IP address) being passed on to Google, and prevent this data from being processed by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent data collection by Google Analytics by clicking on the following link. This sets an opt-out cookie that prevents the future collection of your data when visiting this website:

We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to be carried out, you can disable the function via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).

Retargeting

Our websites use so-called retargeting technologies from Google, Facebook and LinkedIn. This technology makes it possible to address Internet users who have already been interested in our website with advertising on the websites of our partners. The insertion of these advertising materials on the pages of our partners is based on cookie technology and is completely anonymous. No personal data is stored and no user profiles are combined with your personal data.

Google Adwords

We use the online advertising program Google AdWords, which was developed by Google Inc. “(“Google”) is operated in the USA and in the context of “Conversion-Tracking” (statistical evaluation). Cookies can be used to do this. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website when the cookie has not yet expired, we and Google can detect that the user clicked on the ad and proceeded to this website. Each Google AdWords advertiser has a different cookie. This means that cookies cannot be tracked via the website of an Adwords customer. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. figo learns the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, advertisers do not obtain any information that can be used to personally identify users. Users who do not wish to participate in tracking can easily disable the cookie of Google conversion tracking on their Internet browser and user settings. These users will not be included in the conversion tracking statistics. For more information, see http://www.google.com/intl/de/policies/privacy. The following Google AdWords features are used on this website:

Remarketing

Interest Categories

Similar target groups

Other types of interest-based advertising

We use these Google Adwords features to redirect visitors to this site to third-party websites or to appeal to Internet users with specific interest profiles based on their internet usage. We do not collect any personal information with our cookies, remarketing lists or other anonymous IDs.

Using LinkedIn Insight

We use the LinkedIn Insight Conversion Tool from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, which allows us to obtain information about the use of our website and to present advertising content tailored to your interests on other websites. A cookie with a validity of 120 days is set in your browser, which enables LinkedIn to recognise you when you visit a website. LinkedIn uses this information to create anonymous reports for us about ad activity and information about how you interact with our website.

We use the Facebook Custom Audience Pixel (“Facebook Pixel”) from Facebook Inc, 1601 S. Carolina Ave, Palo Alto, CA 94305, USA (“Facebook”) on our website. This enables us to track the behaviour of our visitors who are directed to our website by clicking on a Facebook ad and is used to present you with interest-based advertising during your visit to the Facebook website. The Facebook Pixel establishes a direct connection to Facebook’s servers. Facebook collects the Facebook ID of visitors, the forwarding URL and browser information in anonymous form.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to figo:

The right to be informed

As a data subject, you have the right granted by the European Directive and Regulator to receive free information from figo about your stored personal data and a copy of this information at any time. Furthermore, the European Directive and Regulator has granted you, as the person concerned, access to the following information:

the purposes of processing;

the categories of personal data concerned;

the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;

where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

the existence of a right to rectification or erasure of the personal data concerning you or of a restriction of the processing by the person responsible or of a right to object to such processing;

the existence of the right to lodge a complaint with a supervisory authority;

where the personal data is not collected from the data subject, any available information as to their source;

the existence of automated decision-making, including profiling, in accordance with Article 22 Para.1 and 4, GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, you have a right of access to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, you have, in addition, the right to obtain information about the appropriate guarantees in connection with the transfer.

If you would like to make use of this right to information, you can contact one of our employees at support@figo.io at any time.

The right of rectification

You also have the right, granted by the European legislator, to request the immediate rectification of inaccurate personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

If you would like to make use of this right to information, you can contact one of our employees at support@figo.io at any time.

The right to limitation of processing

You have the right granted by the European legislator of directives and regulations to require figo to restrict processing if one of the following conditions is met:

The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.

The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.

We no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.

You have objected to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet clear whether figo’s legitimate reasons outweigh yours.

If one of the above conditions is fulfilled and you wish to request the restriction of personal data stored by figo, you can contact one of our employees at support@figo.ioat any time. Our employee will arrange for processing to be restricted.

Right to erasure

You have the right granted by the European Directive and Regulator to require figo to delete your personal data immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

You revoke your consent on which the processing pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR and there is no other legal basis for processing.

You submit an objection to the processing according to Art. 21 Para. 1, GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection according to Art. 21 Para. 2 GDPR objecting to the processing.

The personal data has been unlawfully processed.

The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the responsible person is subject.

The personal data concerning you has been collected in relation to services offered by the information society according to Art. 8 Para. 1 GDPR.

If one of the above-mentioned reasons applies and you wish to have your personal data stored at figo deleted, you can contact one of our employees at support@figo.io at any time. The employee will arrange for the deletion request to be complied with without delay.

If the personal data has been made public by us and our company is responsible pursuant to Art. 17 Para. 1 GDPR to delete personal data, we will take appropriate measures, including technical measures, taking into account available technology and implementation costs, to inform other data processors who process the published personal data, that you have requested the deletion of all links to such personal data or of copies or replications of such personal data from those other data processors, where processing is not necessary. Our employees will do what is necessary in individual cases.

Right to data portability

You have the right granted by the European regulator to receive the personal data concerning you that you have provided to figo in a structured, common and machine-readable format. You also have the right to transfer this data to another data controller without obstruction by figo, provided that the processing is based on the consent provided for in Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract in accordance with Art. 6 para. 1 letter b GDPR and processing is carried out by means of automated procedures, except where processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 GDPR, the right to require that the personal data is transmitted directly from figo to another responsible person, as far as technically feasible and provided that this does not affect the rights and freedoms of others.

To assert the right to data transferability, you can contact one of our employees at support@figo.io at any time.

Right of appeal

You have the right granted by the European legislator for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which may be processed on the basis of Art. 6 para. 1 letters e or f GDPR. This also applies to profiling based on these provisions.

figo no longer processes personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If figo processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If you object to figo processing for direct advertising purposes, figo will no longer process your personal data for these purposes.

Furthermore, for reasons arising from your particular situation, you have the right to object to the processing of personal data concerning you which figo uses for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless such processing is necessary to fulfil a task in the public interest.

To exercise your right of objection, you can contact any of our employees at support@figo.io at any time. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Automated individual decision-making including profiling

You have the right granted by the European directive and regulatory body not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against you or which significantly affects you in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between you and figo, or (2) is admissible under Union or Member State legislation to which figo is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or (3) takes place with your express consent.

If the decision (1) is necessary for the conclusion or performance of a contract between you and us or (2) is made with your express consent, figo will take reasonable measures to protect your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by figo, to state their own position and to challenge the decision.

If you wish to assert rights relating to automated decisions, you can contact one of our employees at support@figo.io at any time.

Right to withdraw data protection consent

You have the right to revoke your consent to the processing of personal data at any time as granted by the European Directive and Regulator.

If you would like to exercise your right to revoke your consent, you can contact one of our employees at support@figo.io at any time.

The right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of GDPR.

The supervisory authority responsible for figo is:

Freie und Hansestadt Hamburg

The Hamburg Commissioner for Data Protection and Freedom of Information

Prof. Dr. Johannes Caspar

Kurt-Schumacher-Allee 4, 20097 Hamburg

Phone: 040 / 428 54 – 4040

Fax: 040 / 428 54 – 4000

E-mail: mailbox@datenschutz.hamburg.de

The supervisory authority with which the appeal has been lodged shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.